Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
If youâve interacted with Facebook, you may have had run-ins with spam bots that infest your profile (or your friendsâ profiles) and post links or advertisements without your permission. Well, the same malware that tells your friends to âCheck out this link for 90% off a BRAND NEW pair of Ray Bands. WOW!â is now being used to mine cryptocurrency. A downloaded client runs mining software that contributes hashing power to the malwareâs source server. Unaware Facebook users may have downloaded this bot through links shared on Facebook Messenger.
Mining on Someone Elseâs Dime
You could be mining cryptocurrency without even knowing it, all because of a mining bot spread through Facebook Messenger.
Lenart Bermejo and Hsia-Yu Shih originally covered the revelation in a Trend Micro report. The malware, called Digimine, originated in South Korea, propagates itself through Facebookâs messaging app, and is used to mine Monero. The bot is confined to Messengerâs desktop client and its Chrome browser extension. If you open the malware on another platform, such as Facebook Messengerâs mobile app, your device will not be infected. The report indicated that the botâs only surrogate is Messenger right now, but it warned that âit wouldnât be implausible for attackers to hijack the Facebook account itself down the line.â
Like other malware, Digimine can only be downloaded by activating its source link. Masquerading as a video file, Digimine is coded into AutoIT, a freeware scripting language designed for Windows. If you open the faux video file, your computer will begin running the AutoIT executable script, and if you have auto login enabled, the bot will automatically send the malware to your Facebook friends via Messenger.
Once it begins running the software, an infected computer connects to the malwareâs command-and-control server. This server allocates all of the computing power of infected devices for the purpose of mining Monero, a popular privacy coin. The more computers that become infected, the higher the hashrate for the central mining operations, meaning that Digimineâs orchestrators can expect a fatter payday.
So far, Trend Micro has traced this malware to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela, adding the caveat: âItâs not far-off for Digimine to reach other countries given the way it propagates.â
In response to the development, Facebook issued the following statement:
âWe maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger.â
If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.â
In the report, Trend Micro revealed that the malicious links may include the following terms: vijus[.]bid, ozivu[.]bid, thisdayfunnyday[.]space, thisaworkstation[.]space, mybigthink[.]space, mokuz[.]bid, pabus[.]bid, yezav[.]bid, bigih[.]bid, taraz[.]bid, megu[.]info. The report also lists a number of indicators that may help determine whether or not a device has been infected. For example, if you were to download the malware while using Facebookâs Chrome extension, the malware would terminate and then relaunch Chrome to load Digimine.
If you think your computer has been infected, you can visit facebook.com/help for tips and information on how to move forward.
Â
Â
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.